 |
Previous: Configuration files
Try it!
See the picture below? It's called demo.jpg.
Right-click on it, select "properties" and check: demo.jpg,
right? |
 |
|
So now: take a closer look at demo.jpg. Click
here,
or type it into the title bar. (On Firefox, you can even "View image".) Notice
any difference?
But it's the same file, isn't it? |
DeLeach
Troubleshooter:
If you're having technical problems, this is your first port of
call.
How do I get a basic DeLeach installation
going?
Let's assume you've already got a website running on an IIS server. In
that case, you need to do three things:
- Make sure DeLeach is installed and enabled on your webserver.
(How do I do that?)
- Create directories (folders) in your website representing the
policies you want to use.
(Even if you haven't defined any
policies or rules of your own, the policies _self and _def are guaranteed to
work, so start with those.)
- Move the files you want to protect into the _self directory.
(You can also create stand-in files
in the _def directory if you want, but it's not necessary to do that right
now.)
DeLeach doesn't seem to be showing my protected files.
If your protected files don't show up, the most likely explanation is
that DeLeach isn't being activated. Check that:
- you've installed DeLeach correctly:
- In the IIS manager, right-click on websites,
- click Properties,
- click ISAPI filters,
- make sure DeLeach appears in the list of installed
filters, and that it has a green arrow beside it.
- In case of difficulty, you may need to install DeLeach
manually.
- you're looking at your website through the webserver (i.e. you're
not looking directly at the files themselves.
If that doesn't fix the problem, the trouble might be with your web
browser. Most web browsers can be set up to suppress the referer
headers which DeLeach uses. You can check this easily - the test picture at
left should be showing a glamour puss, not a hunk.
DeLeach isn't blocking my protected files correctly.
First, check the basics: are your protected files really protected? Make
sure they only appear in the _self directory, not in the website's root
directory, or the _def directory.
Now we need to check that it's not the effects of the browser you're
seeing. Type the web address of the protected file (e.g.
http://www.you.com/secret.jpg) into the browser's address bar, then
refresh the browser. Note that:
- Browsers like Firefox and Opera which allow you to view
picture won't necesarily refresh the file automatically. Make sure you
type in the address.
- You may have to be be quite insistent to persuade the browser to
refresh correctly - perhaps even clearing the cache (private data).
If it's so hard to see DeLeach blocking the protected files, how do I
know it's working?
There are things you can do to see DeLeach's effects more clearly:
- Refresh your browsers often, and clear the cache regularly. (If
you're developing websites, you should be doing this anyway.)
- After clicking onto a file, click on your browser's address bar and
press return. This will show you the same URL with the referer
information removed.
- Tell IIS to expire all pages immediately:
- In the IIS manager, right-click on the website or folder,
- click Properties,
- click HTTP Headers,
- make sure Enable Content Expiration is ticked, and
- set Expire Immediately
- Keep a browser aside for testing purposes, or else use a proxy to
look at your site from the outside.
- We have a tool which strips the referer header out of a request -
replace a link to secret.jpg with a link to
http://deleach.webgineers.co.uk/redirect.asp?http://www.you.com/secret.jpg
to see your files as external sites would see them. (That's how the demo at
left works)
Of course, you won't need to take such measures when you deploy the
website for real. This is just so you can defeat the caching on your
browsers.
You have to bear in mind that DeLeach isn't trying to protect your files
from you, it's trying to protect them from strangers. So the fact that it can
be tricky to do side-by-side comparisons in no way suggests that DeLeach isn't
working for you.